Electronic/digital signatures accomplish three goals: protection from data tampering; signature authentication; and nonrepudiation, which means all parties are legally bound by digitally signed agreements. To endow transactional parties with the ability to establish digital signature mechanisms to make online contracts and transactions legally binding, President Clinton, on June 30, 2000, signed into law the Electronic Signatures in Global and National Commerce (E-Sign) Act. The electronic signature provisions took effect on Oct. 1, 2000. Electronic record-keeping requirements will take effect on March 1, 2001.
Motivated by the wide disparity in state electronic signature and commerce statutes passed in the past five years, the E-Sign Act supports added corporate protection in the process of building more efficient business-to-business (B2B) and business-to-consumer (B2C) e-commerce systems. With E-Sign's passage, electronic signatures essentially gained equal legal status with those created by using pen and paper. Businesses can now accept electronic signatures in the transaction process, thereby enabling faster, easier, more efficient, and less expensive alternatives to conduct online trade.
However, the E-Sign Act's approach is both endorsing and damning due to the open-ended definition of electronic signatures. As stated in the E-Sign Act, electronic signatures can be an "electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record." It's up to the sender and receiver to agree upon the form of signature acceptable to both.
Considering that electronic signature products impact online privacy and fraud as well as transaction efficiencies, there is little doubt signature-related technology will get a boost from the E-Sign Act. In fact, thanks to E-Sign's passage, several vendors have developed or expanded signature products and services to take advantage of what will ultimately be a significant revenue increase for the security market (see text box, Signature Alternatives). However, corporate security professionals and individual consumers must look out for operational inconsistencies, such as software conflicts, that vendors won't disclose when rolling out their new signature products and services.
Benefits That May Bite
By embracing electronic/digital signatures, companies involved in high-volume, online B2B transaction activity may benefit from several advantages. Digital signatures offer a greater degree of security than handwritten signatures because recipients of digitally signed messages can confirm message origination and can also verify that messages were not altered. In addition:
Unfortunately, the wide variation of acceptable signatures enabled by law places further pressure on corporate security professionals to closely oversee signature conveyance to ensure transactions cannot be repudiated or later disowned with signature forgery claims.
Here lies a conundrum. Given the broad range of signature alternatives available, the wide range of related state laws previously passed, and the lack of standardized technology for message authentication and validation, can corporations moving high volumes of electronic transactions and communications find a seamless, straightforward, inexpensive, and robust signature solution?